
190 matches found

NVD
added 2019/10/09 9:15 p.m. · 6 views

CVE-2019-15016

An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database...

8.8 CVSS · 8.9 AI score · 0.00339 EPSS
Exploits: 0 · References: 1
Cvelist
added 2019/02/21 9:0 p.m. · 31 views

CVE-2019-6340 Drupal core - Highly critical - Remote Code Execution

Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...

8.3 AI score · 0.9441 EPSS
Exploits: 22 · References: 6
Positive Technologies
added 2019/02/21 12:0 a.m. · 4 views

PT-2019-18086 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal versions 8.5.x before 8.5.11 Drupal versions 8.6.x before 8.6.10 Description: Some field types do not properly sanitize data from non-form sources in Drupal. This can lead to arbitrary PHP code execution in some cases. A site is only...

8.1 CVSS · 9.8 AI score · 0.9441 EPSS
Exploits: 22 · References: 28
OSV
added 2019/02/20 7:18 p.m. · 4 views

DRUPAL-CORE-2019-003

Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services rest module enabled and allows GET, PAT...

8.1 CVSS · 7.5 AI score · 0.9441 EPSS
Exploits: 22 · References: 1
OSV
added 2018/11/28 5:29 p.m. · 1 views

ALPINE-CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

7.5 CVSS · 9 AI score · 0.00531 EPSS
Exploits: 0 · References: 1
Prion
added 2017/07/18 2:29 p.m. · 14 views

Command injection

A remote command injection vulnerability exists in the Barracuda Load Balancer product line confirmed on v5.4.0.004 2015-11-26 and v6.0.1.006 2016-08-19; fixed in 6.1.0.003 2017-01-17 in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability...

9 CVSS · 9.2 AI score · 0.28644 EPSS
Exploits: 5 · References: 2 · Affected Software: 1
Cvelist
added 2017/07/18 2:0 p.m. · 13 views

CVE-2017-6320

A remote command injection vulnerability exists in the Barracuda Load Balancer product line confirmed on v5.4.0.004 2015-11-26 and v6.0.1.006 2016-08-19; fixed in 6.1.0.003 2017-01-17 in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability...

9.2 AI score · 0.28644 EPSS
Exploits: 5 · References: 2
OSV
added 2017/03/02 6:59 a.m. · 1 views

CVE-2017-6397

An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several -sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

6.1 CVSS · 6 AI score
Exploits: 0 · References: 2
RedHat Linux
added 2016/12/21 10:0 a.m. · 3 views

Mozilla: Data from Pocket server improperly sanitized before execution (MFSA 2016-94, MFSA 2016-95)

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...

9.8 CVSS · 7.3 AI score · 0.0203 EPSS
Exploits: 0 · References: 5
Patchstack
added 2016/04/12 12:0 a.m. · 6 views

WordPress HDW Video Gallery Plugin <= 1.2 - Cross-Site Scripting (XSS)

Because of this vulnerability, the variable playlist appears to send unsanitized data back to the users browser. Solution Update the plugin...

3.3 AI score
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2016/04/12 12:0 a.m. · 20 views

WordPress New Year Firework Plugin <= 1.1.9 - Cross Site Scripting (XSS)

Because of this vulnerability, the variable text appears to send unsanitized data back to the users browser. The vulnerable file is /new-year-firework/firework/index.php. Solution Update the plugin...

6.1 CVSS · 3.4 AI score · 0.06584 EPSS
Exploits: 2 · References: 2 · Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m. · 10 views

PY Software Active Webcam 4.3 Webserver Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9261/info A vulnerability has been reported to be present in the software that may allow a remote attacker to execute HTML or script code in a user's browser. It has been reported that the problem arises when the software...

7.1 AI score
Exploits: 0
exploitpack
added 2012/04/18 12:0 a.m. · 27 views

XOOPS 2.5.4 - modulespmpmlite.php?to_userid Cross-Site Scripting

XOOPS 2.5.4 - modulespmpmlite.php?to_userid Cross-Site Scripting source: https://www.securityfocus.com/bid/53143/info XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...

6.8 AI score
Exploits: 0
securityvulns
added 2012/04/09 12:0 a.m. · 69 views

[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0

waraxe-2012-SA080 - Multiple Vulnerabilities in NextBBS 0.6.0 Author: Janek Vind "waraxe" Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:...

0.2 AI score
Exploits: 0
exploitpack
added 2012/02/10 12:0 a.m. · 7 views

RabbitWiki - title Cross-Site Scripting

RabbitWiki - title Cross-Site Scripting source: https://www.securityfocus.com/bid/51971/info RabbitWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browse...

6.8 AI score
Exploits: 0
seebug.org
added 2010/09/02 12:0 a.m. · 32 views

JBoss RichFaces Online Persistent Xss Vulnerability

No description provided by source. Name : RichFaces Online Persistent Xss Vulnerability Date : Sept,1 2010 Vendor Url : http://exadel.com/web/portal/home Author : Sid3^effects aKa HaRi shellc99atyahoo.com Big hugs : Th3 RDX,Hananbutt special thanks to : r0073r inj3ct0r.com,L0rd...

7.1 AI score
Exploits: 0
OpenVAS
added 2009/05/10 12:0 a.m. · 15 views

Realty Web-Base 'admin/admin.php' Multiple SQL Injection Vulnerabilities

Realty Web-Base is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in a SQL query. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.5 CVSS · 7 AI score · 0.00202 EPSS
Exploits: 1 · References: 1
Exploit DB
added 2008/09/16 12:0 a.m. · 19 views

Quick CMS Lite 2.1 - 'admin.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31210/info Quick.Cms.Lite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7 AI score
Exploits: 0
exploitpack
added 2008/03/24 12:0 a.m. · 13 views

Quick Classifieds 1.0 - controlcenteruserSet.php3?DOCUMENT_ROOT Remote File Inclusion

Quick Classifieds 1.0 - controlcenteruserSet.php3?DOCUMENT_ROOT Remote File Inclusion source: https://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issue...

0.8 AI score
Exploits: 0
securityvulns
added 2008/01/29 12:0 a.m. · 65 views

phpIP 4.3.2 - Numerous SQL Injection Vulnerablities

There exist numerous SQL injection vulnerabilities in phpIP 4.3.2, and probably previous versions. Most of the data obtained from the request variables $GET, $POST, $COOKIE, etc is not sanitized before it is passed to MySQL. This may result in un-authorized administrative access to phpIp and...

7.9 AI score
Exploits: 0